CVE-2017-20209

Name of the Vulnerable Software and Affected Versions Nagios Fusion versions prior to 4.0.1

Description Insufficient validation or escaping of user-supplied input on the 'Users' and 'Servers' pages allows an attacker to inject and execute arbitrary script in the context of a victim's browser. This is a cross-site scripting (XSS) issue, where malicious scripts are injected into otherwise trusted websites.

Recommendations Update to version 4.0.1.